* CompilerDriver_pix_run.cpp (pixNetworkZoneChecks): see SF bug

3213019 "FWSM Network zone and IPv6". Currently we do not support
ipv6 with PIX/ASA and FWSM. If user creates a group to be used as
network zone object and places ipv6 address in it, this address
should be ignored while compiling the policy but this should not
be an error.

doc/ChangeLog

@@ -1,5 +1,12 @@
 2011-04-07  vadim  <vadim@netcitadel.com>
 
+	* CompilerDriver_pix_run.cpp (pixNetworkZoneChecks): see SF bug
+	3213019 "FWSM Network zone and IPv6". Currently we do not support
+	ipv6 with PIX/ASA and FWSM. If user creates a group to be used as
+	network zone object and places ipv6 address in it, this address
+	should be ignored while compiling the policy but this should not
+	be an error.
+
 	* FirewallInstaller.cpp (executeExternalInstallScript): see SF bug
 	3212988 "external script makes getopt difficult". User-defined
 	parameters for the external script moved to the end of the command

src/cisco_lib/CompilerDriver_pix_run.cpp

@@ -743,6 +743,21 @@ void CompilerDriver_pix::pixNetworkZoneChecks(Firewall *fw,
                 throw FatalErrorInSingleRuleCompileMode();
             }
 
+/*
+  Commented out for SF bug 3213019
+
+  currently we do not support ipv6 with PIX/ASA and FWSM. If user
+  creates a group to be used as network zone object and places ipv6
+  address in it, this address should be ignored while compiling the
+  policy but this should not be an error. Compiler uses network zone
+  group to do various address matching operations when it tries to
+  determine an interface for a rule where user did not specify
+  one. Since we never (should) have ipv6 in policy and nat rules,
+  compiler is not going to have anything to compare to ipv6 address in
+  the network zone even if there is one and this ipv6 address is going
+  to be ignored.
+
+
             if (addr->getAddressPtr()->isV6())
             {
                 QString err("Network zone of interface '%1' uses object '%2' "
@@ -752,7 +767,7 @@ void CompilerDriver_pix::pixNetworkZoneChecks(Firewall *fw,
                       .arg((*j)->getName().c_str()).toStdString());
                 throw FatalErrorInSingleRuleCompileMode();
             }
-
+*/
             netzone_objects.insert(
                 pair<string,FWObject*>(iface->getLabel(),*j));
             nz->addRef(*j);

src/cisco_lib/Helper.cpp

@@ -211,8 +211,8 @@ int  Helper::findInterfaceByNetzone(Address *obj)
  * that object 'obj' belongs to.  Returns interface ID
  *
  */
-int  Helper::findInterfaceByNetzone(
-    const InetAddr *addr, const libfwbuilder::InetAddr *nm) throw(FWException)
+int  Helper::findInterfaceByNetzone(const InetAddr *addr, const InetAddr *nm)
+    throw(FWException)
 {
 #if DEBUG_NETZONE_OPS
     cerr << "Helper::findInterfaceByNetzone";
@@ -253,12 +253,14 @@ int  Helper::findInterfaceByNetzone(
 
             for (list<FWObject*>::iterator j=nz.begin(); j!=nz.end(); ++j)
             {
-                if (Address::cast(*j) == NULL) continue;
+                Address *netzone_addr = Address::cast(*j);
+                
+                if (netzone_addr == NULL) continue;
 
 #if DEBUG_NETZONE_OPS
                 cerr << "Helper::findInterfaceByNetzone";
-                cerr << "    " << (*j)->getName()
-                     << "  " << Address::cast(*j)->getAddressPtr()->toString()
+                cerr << "    " << netzone_addr->getName()
+                     << "  " << netzone_addr->getAddressPtr()->toString()
                      << endl;
 #endif
 
@@ -266,12 +268,17 @@ int  Helper::findInterfaceByNetzone(
                 // net_zone=="any"
                 if (addr==NULL)
                 {
-                    if ((*j)->getId()==FWObjectDatabase::ANY_ADDRESS_ID)
+                    if (netzone_addr->getId()==FWObjectDatabase::ANY_ADDRESS_ID)
                         return iface->getId(); // id of the interface
                 } else
                 {
-                    const InetAddr *nz_addr = Address::cast(*j)->getAddressPtr();
-                    const InetAddr *nz_netm = Address::cast(*j)->getNetmaskPtr();
+                    // see SF bug 3213019
+                    // skip ipv6 addresses in network zone group
+                    if (netzone_addr->getAddressPtr()->addressFamily() !=
+                        addr->addressFamily()) continue;
+
+                    const InetAddr *nz_addr = netzone_addr->getAddressPtr();
+                    const InetAddr *nz_netm = netzone_addr->getNetmaskPtr();
                     if (nm != NULL && nz_netm != NULL)
                     {
                         InetAddrMask nz_subnet(*nz_addr, *nz_netm);
@@ -298,7 +305,7 @@ int  Helper::findInterfaceByNetzone(
                         // to either.
                         if (ovr.front() == other_subnet)
                         {
-                            zones[iface->getId()] = *j;
+                            zones[iface->getId()] = netzone_addr;
 #if DEBUG_NETZONE_OPS
                             cerr << "Helper::findInterfaceByNetzone";
                             cerr << "    match" << endl;
@@ -306,9 +313,9 @@ int  Helper::findInterfaceByNetzone(
                         }
                     } else
                     {
-                        if (Address::cast(*j)->belongs(*addr))
+                        if (netzone_addr->belongs(*addr))
                         {
-                            zones[iface->getId()] = *j;
+                            zones[iface->getId()] = netzone_addr;
 
 #if DEBUG_NETZONE_OPS
                             cerr << "Helper::findInterfaceByNetzone";

test/pix/cluster1-1_pix1.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:39 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:25 2011 PDT by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported

test/pix/cluster1-1_pix2.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:39 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:25 2011 PDT by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported

test/pix/cluster1_pix1.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:39 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:24 2011 PDT by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported

test/pix/cluster1_pix2.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:39 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:24 2011 PDT by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported

test/pix/firewall.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:26 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:12 2011 PDT by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported

test/pix/firewall1.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:26 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:12 2011 PDT by vadim
 !
 ! Compiled for pix 6.1
 ! Outbound ACLs: not supported

test/pix/firewall10.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:27 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:13 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall11.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:27 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:13 2011 PDT by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported

test/pix/firewall12.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:27 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:13 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall13.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:28 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:14 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall14.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:28 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:14 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall2.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:28 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:14 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall20.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:29 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:15 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall21-1.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:29 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:15 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall21.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:29 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:15 2011 PDT by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported

test/pix/firewall22.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:30 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:16 2011 PDT by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported

test/pix/firewall23.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:30 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:16 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall3.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:30 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:16 2011 PDT by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported

test/pix/firewall33.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:31 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:16 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall34.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:31 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:17 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall4.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:31 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:17 2011 PDT by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported

test/pix/firewall50.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:32 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:18 2011 PDT by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported

test/pix/firewall6.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:32 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:18 2011 PDT by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported

test/pix/firewall8.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:33 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:18 2011 PDT by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported

test/pix/firewall80.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:33 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:19 2011 PDT by vadim
 !
 ! Compiled for pix 8.2
 ! Outbound ACLs: supported

test/pix/firewall81.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:33 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:19 2011 PDT by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported

test/pix/firewall82.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:34 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:20 2011 PDT by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported

test/pix/firewall83.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:34 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:20 2011 PDT by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported

test/pix/firewall9.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:34 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:20 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/firewall90.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:35 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:20 2011 PDT by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported

test/pix/firewall91.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:35 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:21 2011 PDT by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported

test/pix/firewall92.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:35 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:21 2011 PDT by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported

test/pix/firewall93.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:36 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:21 2011 PDT by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported

test/pix/firewall94.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:36 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:22 2011 PDT by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported

test/pix/fwsm1.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:37 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:22 2011 PDT by vadim
 !
 ! Compiled for fwsm 2.3
 ! Outbound ACLs: supported

test/pix/fwsm2.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:37 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:22 2011 PDT by vadim
 !
 ! Compiled for fwsm 4.x
 ! Outbound ACLs: supported

test/pix/pix515.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:37 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:23 2011 PDT by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported

test/pix/real.fw.orig

@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3505
+!  Firewall Builder  fwb_pix v4.2.0.3519
 !
-!  Generated Mon Mar 21 12:46:38 2011 PDT by vadim
+!  Generated Thu Apr  7 10:50:23 2011 PDT by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported

test/pix/test_net_zone_2.fw.orig

@@ -0,0 +1,90 @@
+!
+!  This is automatically generated file. DO NOT MODIFY !
+!
+!  Firewall Builder  fwb_pix v4.2.0.3519
+!
+!  Generated Thu Apr  7 11:00:37 2011 PDT by vadim
+!
+! Compiled for pix 6.1
+! Outbound ACLs: not supported
+! Emulate outbound ACLs: no
+! Generating outbound ACLs: no
+! Assume firewall is part of any: no
+!
+!# files: * test_net_zone_2.fw
+!
+! testing security levels and labels
+
+! N test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
+! N test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
+
+!
+! Prolog script:
+!
+
+!
+! End of prolog script:
+!
+
+
+
+
+nameif ethernet0 outside security0
+
+nameif ethernet1 inside security100
+
+
+no logging buffered
+no logging console
+no logging timestamp
+no logging on
+
+
+
+telnet timeout -1
+
+clear ssh
+aaa authentication ssh console LOCAL
+ssh timeout -1
+
+no snmp-server enable traps
+
+
+
+
+no service resetinbound
+no service resetoutside
+no sysopt connection timewait
+no sysopt security fragguard
+no sysopt nodnsalias inbound
+no sysopt nodnsalias outbound
+no sysopt route dnat
+floodguard disable
+
+
+!################
+! 
+! Rule  0 (global)
+access-list outside_acl_in deny   ip any any 
+access-list inside_acl_in deny   ip any any 
+
+
+access-group inside_acl_in in interface inside
+access-group outside_acl_in in interface outside
+
+! 
+! Rule  0 (NAT)
+! test_net_zone_2:NAT:0: warning: Objects used in Original Source and Translated Source of the rule dictate that the same interface 'outside' is going to be used as real and mapped interface in the generated nat command.
+
+global (outside) 1 interface
+nat (outside) 1 192.168.1.0 255.255.255.0 0 0
+nat (outside) 1 192.168.1.11 255.255.255.255 0 0
+
+
+
+!
+! Epilog script:
+!
+
+! End of epilog script:
+!